diff --git a/mls-rs-core/src/identity.rs b/mls-rs-core/src/identity.rs index 025063fa..e3882116 100644 --- a/mls-rs-core/src/identity.rs +++ b/mls-rs-core/src/identity.rs @@ -19,10 +19,11 @@ pub use signing_identity::*; #[cfg(feature = "x509")] pub use x509::*; -use crate::crypto::SignatureSecretKey; +use crate::crypto::{CipherSuite, SignatureSecretKey}; #[derive(Clone, Debug, MlsEncode, MlsSize, MlsDecode, PartialEq)] pub struct SigningData { pub signing_identity: SigningIdentity, pub signing_key: SignatureSecretKey, + pub cipher_suite: CipherSuite, } diff --git a/mls-rs/src/client.rs b/mls-rs/src/client.rs index ec34b563..36121eff 100644 --- a/mls-rs/src/client.rs +++ b/mls-rs/src/client.rs @@ -434,15 +434,15 @@ where #[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen_ignore)] pub fn key_package_builder( &self, - signing_data: Option<(CipherSuite, SigningData)>, + signing_data: Option, ) -> Result< KeyPackageBuilder<::CipherSuiteProvider>, MlsError, > { // TODO create provider inside key package builder - let (cipher_suite, signing_data) = signing_data.unzip(); - - let cipher_suite = cipher_suite + let cipher_suite = signing_data + .as_ref() + .map(|data| data.cipher_suite) .or(self.signing_identity.as_ref().map(|(_, cs)| *cs)) // TODO no error fits .ok_or(MlsError::CipherSuiteMismatch)?; diff --git a/mls-rs/src/external_client/builder.rs b/mls-rs/src/external_client/builder.rs index 74ed03de..d7ca16f5 100644 --- a/mls-rs/src/external_client/builder.rs +++ b/mls-rs/src/external_client/builder.rs @@ -274,11 +274,13 @@ impl ExternalClientBuilder { self, signer: SignatureSecretKey, signing_identity: SigningIdentity, + cipher_suite: CipherSuite, ) -> ExternalClientBuilder> { let mut c = self.0.into_config(); c.0.signing_data = Some(SigningData { signing_identity, signing_key: signer, + cipher_suite, }); ExternalClientBuilder(c) } @@ -559,7 +561,7 @@ mod private { } use mls_rs_core::{ - crypto::SignatureSecretKey, + crypto::{CipherSuite, SignatureSecretKey}, identity::{IdentityProvider, SigningData, SigningIdentity}, }; use private::{Config, ConfigInner, IntoConfig}; diff --git a/mls-rs/src/external_client/group.rs b/mls-rs/src/external_client/group.rs index 6f85cfbd..cb50e4be 100644 --- a/mls-rs/src/external_client/group.rs +++ b/mls-rs/src/external_client/group.rs @@ -436,6 +436,7 @@ impl ExternalGroup { let SigningData { signing_key, signing_identity, + .. } = self.signing_data.as_ref().ok_or(MlsError::SignerNotFound)?; let external_senders_ext = self @@ -1234,6 +1235,7 @@ mod tests { server.signing_data = Some(SigningData { signing_key: server_key, signing_identity: server_identity, + cipher_suite: TEST_CIPHER_SUITE, }); let charlie_key_package = @@ -1257,6 +1259,7 @@ mod tests { server.signing_data = Some(SigningData { signing_key: server_key, signing_identity: server_identity, + cipher_suite: TEST_CIPHER_SUITE, }); let external_proposal = server.propose_remove(1, vec![]).await.unwrap(); @@ -1273,6 +1276,7 @@ mod tests { server.signing_data = Some(SigningData { signing_key: secret_key, signing_identity: signing_id, + cipher_suite: TEST_CIPHER_SUITE, }); let charlie_key_package = @@ -1305,6 +1309,7 @@ mod tests { server.signing_data = Some(SigningData { signing_key: server_key, signing_identity: server_identity, + cipher_suite: TEST_CIPHER_SUITE, }); let res = server.propose_remove(1, vec![]).await; diff --git a/mls-rs/src/group/resumption.rs b/mls-rs/src/group/resumption.rs index a3af2ce5..25646390 100644 --- a/mls-rs/src/group/resumption.rs +++ b/mls-rs/src/group/resumption.rs @@ -173,7 +173,7 @@ impl ReinitClient { #[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)] pub fn key_package_builder( &self, - signing_data: Option<(CipherSuite, SigningData)>, + signing_data: Option, ) -> Result< KeyPackageBuilder<::CipherSuiteProvider>, MlsError, diff --git a/mls-rs/src/key_package/builder.rs b/mls-rs/src/key_package/builder.rs index 49c252a4..b96a08cf 100644 --- a/mls-rs/src/key_package/builder.rs +++ b/mls-rs/src/key_package/builder.rs @@ -98,6 +98,7 @@ impl KeyPackageBuilder { let SigningData { signing_identity, signing_key, + .. } = self.signing_data; let (init_secret_key, public_init) = self @@ -185,10 +186,13 @@ impl KeyPackageBuilder { .signing_identity .clone() .zip(client.signer.clone()) - .map(|((signing_identity, _), signing_key)| SigningData { - signing_identity, - signing_key, - }) + .map( + |((signing_identity, cipher_suite), signing_key)| SigningData { + signing_identity, + signing_key, + cipher_suite, + }, + ) .or(signing_data) .ok_or(MlsError::SignerNotFound)?; diff --git a/mls-rs/test_harness_integration/src/by_ref_proposal.rs b/mls-rs/test_harness_integration/src/by_ref_proposal.rs index ddb67e29..9557f04c 100644 --- a/mls-rs/test_harness_integration/src/by_ref_proposal.rs +++ b/mls-rs/test_harness_integration/src/by_ref_proposal.rs @@ -413,9 +413,10 @@ pub(crate) mod external_proposal { request: Request, ) -> Result, Status> { let request = request.into_inner(); + let cipher_suite = (request.cipher_suite as u16).into(); let cs = OpensslCryptoProvider::new() - .cipher_suite_provider((request.cipher_suite as u16).into()) + .cipher_suite_provider(cipher_suite) .ok_or_else(|| Status::aborted("ciphersuite not supported"))?; let (secret_key, public_key) = cs.signature_key_generate().map_err(abort)?; @@ -429,7 +430,7 @@ pub(crate) mod external_proposal { let ext_client = ExternalClientBuilder::new() .crypto_provider(OpensslCryptoProvider::default()) .identity_provider(BasicIdentityProvider::new()) - .signer(secret_key, signing_identity) + .signer(secret_key, signing_identity, cipher_suite) .build(); let signer_id = *ext_clients.keys().max().unwrap_or(&0);